Differences

This shows you the differences between two versions of the page.

--- cloud:azure [2024/06/10 06:00] – skipidar
+++ cloud:azure [2024/07/22 20:15] (current) – [IAM and Role Based Access Control] skipidar
@@ Line 110: / Line 110: @@
+==== Azure API Management ====
+=== Policies ===
+  * Intro https://www.svenmalvik.com/azure-apim-policies/
+  * Example https://learn.microsoft.com/en-us/azure/api-management/api-management-policies
+=== Evaluation order ===
+Policies are **executed sequentially** based on their placement within the policy configuration.
 ==== Network ====
@@ Line 131: / Line 144: @@
 ==== Azure Data Ops ====
+Data Management Landing Zone:
+{{https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/images/data-management-overview.png#lightbox}}
+Source:
+https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/architectures/data-management-landing-zone
+) Data Landing Zone:
 {{https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/images/data-landing-zone-2.png#lightbox}}
-Source
+Source:
 https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/architectures/data-landing-zone
+==== IAM and Role Based Access Control ====
+see
+https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/6-role-based-access-control
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/vKOYaMe0Ce.png}}
+Azure Custom Roles:
+  * https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles#custom-role-example
+IAM and Role Based Access Control
+<sxh java>
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Allows for send access to Azure Service Bus resources.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
+  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.ServiceBus/*/queues/read",
+        "Microsoft.ServiceBus/*/topics/read",
+        "Microsoft.ServiceBus/*/topics/subscriptions/read"
+      ],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.ServiceBus/*/send/action"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Azure Service Bus Data Sender",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+</sxh>
+Custom role, which allows to assign roles to Azure API Managers.
+<sxh java>
+{
+  "Name": "APIM Role Assignment Manager",
+  "IsCustom": true,
+  "Description": "Allows managing role assignments for Azure API Management",
+  "Actions": [
+    "Microsoft.Authorization/*/write",
+    "Microsoft.Authorization/*/delete"
+  ],
+  "NotActions": [],
+  "DataActions": [],
+  "NotDataActions": [],
+  "AssignableScopes": [
+    "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.ApiManagement/service/<apim-service-name>"
+  ]
+}
+</sxh>